Submeter #448705: CodeAstro HMS Hospital Management System 1.0 Arbitrary Authenticated File Upload Leading to RCEinformação

TítuloCodeAstro HMS Hospital Management System 1.0 Arbitrary Authenticated File Upload Leading to RCE
DescriçãoThe file upload functionality at the endpoint /his_doc_update-account.php in the HMS (Hospital Management System) application allows users to upload files without proper validation. An attacker can exploit this vulnerability to upload a malicious PHP file, potentially enabling remote code execution (RCE) on the server.
Fonte⚠️ https://github.com/EmilGallajov/zero-day/blob/main/codeastro_hms_rce.md
Utilizador
 egsec (UID 77043)
Submissão20/11/2024 12h20 (há 2 anos)
Moderação25/11/2024 15h39 (5 days later)
EstadoAceite
Entrada VulDB286014 [CodeAstro Hospital Management System 1.0 his_doc_update-account.php doc_dpic Elevação de Privilégios]
Pontos19

VoltarVisão GeralPróximo

Might our Artificial Intelligence support you?

Check our Alexa App!